IDS mailing list archives
Re: Router/Switches and viruses
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 06 May 2005 15:58:44 +1200
Seek Knowledge wrote:
Does anyone have any first-hand experience with a single infected desktop machine (or windows server for that matter) taking out a LAN switch? Would anyone have any stories from the trenches of an infected machine causing a directly connected router to stop functioning?
Well it's pretty easy. a> infect a 100Mb Ethernet PC with SQL SLAMMER b> watch SLAMMER try to infect Internet hosts at a rate of 10,000/sec c> watch 1.5Mbs Internet link DIE It's not really the routers fault - but you could certainly say a virus/trojan "killed" a router.
If so, what could be done to prevent such an outage? What IDS/IPS strategy might one implement to prevent and or at least detect such an event?
MUCH Bigger pipes? ;-) Seriously tho, NIDS can help here. But it means running NIDS on your Internal network instead of the more traditional monitoring your DMZes/etc. If you monitor all WAN traffic, you can pick up such things - and still have a project that you can possibly get the funding for. (i.e. saying you want to have NIDS in your Core 10Gb LAN switches is an order of magnitude more expensive than wanting to monitor your ~T1/E1 WAN links). -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Router/Switches and viruses Seek Knowledge (May 04)
- Re: Router/Switches and viruses Per Engelbrecht (May 06)
- Re: Router/Switches and viruses Derek Nash (May 06)
- Re: Router/Switches and viruses Robert Holtz (May 06)
- Re: Router/Switches and viruses Kevin (May 06)
- Re: Router/Switches and viruses Jason Haar (May 06)
- RE: Router/Switches and viruses Wolfpaw - Dale Corse (May 09)
- <Possible follow-ups>
- Re: Router/Switches and viruses Chris Byrd (May 06)
- RE: Router/Switches and viruses Steven Williams (May 09)
- RE: Router/Switches and viruses THolman (May 19)